Yesterday I found out that some major service provider (online rentals) that I use now requires proof of my identity if I want to continue and make a booking. I was offered 2 options:
1) Enter last ...

A bitcoiner trying to understand the nation-states.
When I use my eID (I'm Swedish and I have 'BankID'), and I sign something with my private key that's in the 'eID-file' that I've got on my laptop, ...

An official nation-state institution, like the Swedish Skatteverk, could easily let their citizens verify themselves online. OAuth tokens could be created by the nation-state institution, generated ...

It seems (to me at least) that it is generally accepted that "electronic identity" and "digital signatures" are different things. For example, in the Estonian ID card there are two certificates - one ...

During a support conversation with my VPN provider, I asked specifically: "is it impossible to filter out a single VPN user since your IPs are in use by many?". The answer was yes, it is impossible.
...

I have a few self-signed certificates that I use, and I find it tedious comparing the entire hex value of the hash when accepting it in a new location. To be honest I usually just look at the first ...

Quite a few websites, Coinbase and Stripe most notably, ask for the last four digits of your social security number to 'verify your identity'. Assuming these websites are not trying to defraud you, how ...

I've heard that IMEI numbers are stored on an EEPROM, essentially letting them be erased and rewritten.
Thieves misuse it to make stolen phones untraceable.
Is there a reason why manufacturers don't ...

I'm looking for any way to digitally verify a user, ideally with a photo and link PII to that user.
My use case is that a user will extract and send an encrypted data blob (say from a passport) to my ...

This is the scenario I need to cover:
A WebService that trusts an IdP using WS-Trust or anything like that, receives a SAML token to authenticate the user, and we need to call some SQL Server or ...

My Gmail setting has forever been set to send emails with just my Gmail address as the identifier, so it should not send out my account name (first or last name)... or so I thought!
Recently I got a ...

When adding a User ID to your OpenPGP key, you are typically asked (for example by GnuPG) to provide a name, a comment, and an email address (where each part is optional).
This format (Name (Comment) ...

In most scenarios a person identifies who they are (authentication/AuthN) via something like a username and password. Afterwards a system would likely evaluate what that validated identity can perform ...

Original Question:
There is this older person (60+yrs) who runs a business with internet presence yet when I do an internet search on him nothing pops up, not even photos!! How do I find out if he ...

Developers are dogmatic on having "invalid username or password" on login screens; our applications should not reveal if somebody is a member given an email address.
But there are two other ways our ...

Is there a way to ensure that an HTTP request to my REST server is coming from my application? I'm guessing no because whatever I do on the client side, as people have access to that code, they can ...

What is the best practice for choosing GPG user id(s)?
I've read various bits of advice, which sometimes even contradict each other. For instance, I've read that one should not use comments, because ...

I'm creating a website that only allows nonprofits and government organizations (parks, etc) to sign up and post service project listings. The accounts posting the listings must be verified to protect ...

The report from Hold Security says that 1.2 billion sets of credentials are in the possession of this party. I have a feeling that this report may be a hoax or a partial hoax due to grammatical errors ...

I want to develop a system, something like a comment system for a website, that ensures I know who is posting comments. The content that is exchanged is not valuable and does not need to be encrypted, ...

This question is mainly aimed at OpenID Connect, when it is fully realized.
I understand the aversion to signing in with a social networking site, but from what I understand about OIDC, it's supposed ...

I hope you won't close the question. Even though there are no computers involved, it is still about information and security, and I think that security experts are the ones who will be able to help ...

Most webmail services like Gmail, Facebook, Yahoo, ... allow anonymous users to create a mail address.
If there is a security breach, a user may lose important information on that address. They may add phone ...

When accepting public keys from someone setting up an identity provider for access to resources protected by a service provider using SAML 2.0, do you absolutely need to have a unique certificate? Is ...

I think this is related to this question, but I would like to know if there's also a way to prevent "third party" applications from seeing hardware IDs (motherboard, hard disks, and others), or giving ...